On Fri, Jul 1, 2016 at 9:27 AM, Andreas Karlsson <andreas@proxel.se> wrote:
> Hi,
>
> Here is an initial set of patches related to OpenSSL 1.1. Everything should
> still build fine on older OpenSSL versions (and did when I tested with
> 1.0.2h).
>
> 0001-Fixes-for-compiling-with-OpenSSL-1.1.patch
>
> This patch fixes the code so it builds with OpenSSL 1.1 (except the
> CRYPTO_LOCK issue I have reported to the OpenSSL team).
>
> - Makes our configure script check for SSL_new instead
> - Uses functions instead of direct access to struct members
>
> 0002-Define-CRYPTO_LOCK-for-OpenSSL-1.1-compat.patch
>
> Fix for the removal of the CRYPTO_LOCK define. I am trying to convince them
> to add the define back. :)
>
> 0003-Remove-OpenSSL-1.1-deprecation-warnings.patch
>
> Silence all warnings. This commit changes more things and is not necessary
> for getting PostgreSQL to build against 1.1.
>
> - Silences deprecation other warnings related to that OpenSSL 1.1 now 1)
> automatically initializes the library and 2) no longer uses the locking
> callback.
> - Silences deprecation warning when generating DH parameters.
Those patches are going to need a careful review by looking at the
areas they are changing, and a backpatch. On Arch there is no test
package available except in AUR. And that's the pre3 release, OpenSSL
folks are on pre5 now with their beta2. It would be annoying to
compile it manually, but if there is no other way... Is Debian up to
date with 1.1.0 beta2 in its snapshot packages?
--
Michael